Cell-phone WiFi | The Top 20 Cyber Attacks on Industrial Control Systems #10 | iSi

DOWNLOAD THE ACCOMPANYING WHITE PAPER TO THIS SERIES
The Top 20 Attacks on Industrial Control Systems - https://hubs.ly/H0JJ7ng0

WATCH MORE EPISODES
Find the playlist here: https://hubs.ly/H0BrWYM0

0:00 Introduction
1:16 Attack Scenario
6:00 Sophistication
7:08 2013 Security Posture
8:51 Unidirectional Security Gateway
10:01 The Score Card

THE INDUSTRIAL SECURITY INSTITUTE
OT / industrial / ICS cybersecurity concepts from the perspective of the world’s most secure industrial sites. Truly secure sites ask different questions, and so get different answers. Subscribe to never miss an episode: https://hubs.ly/H0BBwr80

EPS. 10 - CELL-PHONE WIFI ATTACK
Sophisticated attackers seek to inflict damage on a geography they are unhappy with for some reason. The attackers create a useful, attractive, free cell phone app. The attackers use targeted social media attacks to persuade office workers at critical infrastructure sites in the
offending geography to download the free app. The app runs continuously in the background of the cell phone. While at their critical infrastructure workplaces, the app instructs the phone to periodically scan for Wi-Fi networks and report such networks to a command and control center. The attackers again, use social media, social engineering and phishing attacks to impersonate insiders at their target organizations, and extract passwords for the Wi-Fi networks. Several of these password protected networks are part of critical infrastructure industrial control systems. The attackers log into these networks using the compromised cell phones and carry out reconnaissance by remote control until they find computer components vulnerable to simple denial of service attacks, such as erasing hard drives or SYN floods. The attackers compromise plant operations, triggering an unplanned shutdown. They then disconnect from the Wi-Fi networks, and then repeat this attack periodically

THE TOP 20 CYBERATTACKS ON INDUSTRIAL CONTROL SYSTEMS
These Top 20 attacks have been selected to represent cyber threats to industrial sites across a wide range of circumstances, consequences and sophistication. No industrial operation is free of risk, and different industrial enterprises may legitimately have different “appetites” for certain types of risks. In this series we show how to use the Top 20 Cyberattacks to compare the strength of two security postures at a hypothetical water treatment plant: Defence in depth 2013 (software based security) vs. that same security posture plus a unidirectional security gateway device providing hardware-enfonced security). We ask the question, does either defensive posture reliably defeat each attack? Over the course of 20 episodes we build a score card that can be used to easily communicate risk reduction benefits to business decision-makers who are not familiar with cyber-security

ABOUT ANDERW GINTER
At Waterfall, Andrew leads a team of experts who work with the world’s most secure industrial sites. He is author of two books on industrial security, a co-author of the Industrial Internet Consortium’s Security Framework, and the co-host of the Industrial Security Podcast. Andrew spent 35 years designing SCADA system products for Hewlett Packard, IT/OT connectivity products for Agilent Technologies, and OT/ICS security products for Industrial Defender and Waterfall Security Solutions.

DISCOVER MORE RESOURCES
The Industrial Security Podcast: https://hubs.ly/H0z87QJ0
Free book: Secure Operations Technology: https://hubs.ly/H0HVB_n0

FOLLOW ANDREW GINTER
LinkedIn: https://hubs.ly/H0xHqst0
Twitter: https://hubs.ly/H0xHqTq0

FOLLOW WATERFALL SECURITY SOLUTIONS
Website: https://hubs.ly/H0xHqVP0
Twitter: https://hubs.ly/H0xHqZw0
LinkedIn: https://hubs.ly/H0xHr0g0
Facebook: https://hubs.ly/H0xHr340

#IndustrialSecurity #Cybersecurity #CellPhoneWifi